Skip to content

Manage Resources List

You can configure the GCP BigQuery connector to manage access control policies for specific projects, datasets, and tables. By specifying inclusion and exclusion lists, you can control which resources are managed. The connector applies access control policies to resources in the include list and ignores those in the exclude list. If a resource appears in both the include and exclude lists, the connector will not manage it.

Use the following properties to specify comma-separated projects, datasets, and tables whose access control should be managed by PolicySync. To manage all resources, simply leave these properties unspecified. Wildcard characters (*) can be used to match multiple projects, datasets, and tables.

Example:

  • Project: gcp-project-123, gcp-project*
  • Dataset: gcp-project-123.analytics_db, gcp-project*.test_db*
  • Table: gcp-project-123.analytics_db.customer_table, gcp-project*.test_db*.*

Prerequisites

  1. You have successfully installed Privacera Manager and have the base installation operational.
  2. You have configured the connector for BigQuery or are in the process of doing so.

Configuration Steps

Warning

  • Values are case-sensitive.
  • Provide fully qualified names for project, datasets, and table where applicable.
  • Example (for table resource only): gcp-project-123.analytics_db.customer_table
  • Replace the example values with your actual resource names.

  1. Navigate to SettingsApplications in the Self-Managed Portal.

  2. Select BigQuery from the list of Connected Applications.

  3. Click on the application name or the icon, then click on Access Management.

  4. For including resources, enter the following values in the respective fields under BASIC tab:

    • Projects to manage access control policies : gcp-project-123
    • Datasets to manage access control policies : gcp-project-123.test_db
    • Tables to manage access control policies : gcp-project-123.analytics_db.test_table

  5. For excluding resources, enter the following values in the respective fields under ADVANCED tab:

    • Projects to ignore while setting access control policies : gcp-project-111
    • Datasets to ignore while setting access control policies : gcp-project-123.test_db
    • Tables to ignore while setting access control policies : gcp-project-123.analytics_db.test_table

  6. Click SAVE to apply the changes.

Warning

The values shown below are for example purposes only. Replace them with your actual configuration values.

Update Configuration File Modify the following property in the vars.connector.bigquery.yml file located in the connector’s instance directory.

YAML
1
2
3
4
5
6
7
CONNECTOR_BIGQUERY_MANAGE_PROJECT_LIST: "gcp-project-123"
CONNECTOR_BIGQUERY_MANAGE_DATASET_LIST: "gcp-project-123.analytics_db"
CONNECTOR_BIGQUERY_MANAGE_TABLE_LIST: "gcp-project-123.analytics_db.customer_table, gcp-project-123.analytics_db.finance_*"

CONNECTOR_BIGQUERY_IGNORE_PROJECT_LIST: "gcp-project-111"
CONNECTOR_REDSHIFT_IGNORE_DATABASE_LIST: "gcp-project-123.test_db"
CONNECTOR_REDSHIFT_IGNORE_TABLE_LIST: "*.*.test_*"
The MANAGE list will include the objects to be managed by the connector, while the IGNORE list will exclude them

Save the file and update the privacera manager

Bash
1
2
cd ~/privacera/privacera-manager
./privacera-manager.sh update

  1. In PrivaceraCloud, go to Settings -> Applications.

  2. Select BigQuery from the list of Connected Applications.

  3. Click on the application name or the icon, then click on Access ManagementADVANCED tab.

  4. For including resources, enter the following values in the respective fields:

    • Datasets to Set Access Control Policies : gcp-project-123.test_db
    • Tables to Set Access Control Policies : gcp-project-123.analytics_db.test_table

  5. For excluding resources, enter the following values in the respective fields:

    • Projects to Ignore While Setting Access Control Policies : gcp-project-111
    • Datasets to Ignore While Setting Access Control Policies : gcp-project-123.test_db
    • Tables to Ignore While Setting Access Control Policies : gcp-project-123.analytics_db.test_table

  6. Click SAVE.

  7. Once saved and enabled, the BigQuery connector will start. Then you can hover on the VIEW LOGS button to check the status, either Running or Stopped.

Note

Text Only
1
Perform the following steps only if the connector does not reflect the updated configuration and requires a restart.

Restart The BigQuery Connector:

  1. Go to Settings > Applications > select the BigQuery connector application .

  2. Edit the application > Disable it > and Save it.

  3. Open the same application again and then: Enable it and Save it.

Comments